Privacy Lab & Case Studies

This study group was created by professionals in Data Privacy, IT, and Law, aiming to share knowledge and align distinct yet deeply interconnected perspectives.

Our study group brings together professionals in Data Privacy, IT, and Law to share knowledge and integrate diverse privacy and data protection perspectives. We focus on keeping members informed about key regulations in Canada, Europe, the United States, and Brazil, covering everything from legal frameworks to real-world case studies.

While aligned with Ascend Data Privacy Solutions’ commitment to knowledge sharing, this group operates independently and does not provide consulting services. Our purpose is research, legal updates, case analysis, and the creation of bibliographic content, including articles and books.

Prospective members must complete an interview and have prior experience or education in Data Privacy, Law, Business, or IT.

We strive to foster a dynamic learning environment where members actively contribute their insights, enrich discussions, and strengthen a community dedicated to ethical learning and innovation in this evolving field.

Contact us if you want to join the meetings and expand your knowledge!

Meetings 2024/2025

November 28, 2024

Briding Borders: Insights from GDPR & PIPEDA

December 12, 2024

From Brazil to California: LGPD & CCPA Case Studies

February 6, 2025

Jurisdiction: PIPA (BC) & PIPEDA Memorandum of Understanding

February 20, 2025

PIA and France Case Study on Data Breach:
33 Million Social Security Numbers Exposed in Health Insurance Hack

March 6, 2025

Incident Response in Cybersecurity and Data Privacy
MOVEit Data Breach Case Study

March 20, 2025

Ethical Use of AI
Clearview AI Facial Recognition & Apple Card

April 3, 2025

LLM – Do Current Data Processing Techniques like Tokenization Work?
Case Studies: JPMorgan, Blue Cross, and Home Depot

April 17, 2025

Tokenization vs. Encryption
Case Studies: PCI DSS in Payment Data Security & Apple Pay

May 1, 2025

Data Minimization and Data Retention Case Study: ANPD Brazil

May 15, 2025

Penetration Test and Red Team – Review of Practices
Capital One Data Breach and the Importance of Cloud Penetration Testing

GDPR

The European Union’s General Data Protection Regulation (GDPR), which replaced the 1995 Data Protection Directive, represents a significant milestone in data protection, modernizing how personal data is handled across industries. While the Directive set foundational rules for processing personal data and ensuring its free movement within the EU, the GDPR, adopted on April 27, 2016, and enforced from May 25, 2018, built on these principles to address the digital age challenges.

PIPEDA

The Personal Information Protection and Electronic Documents Act (PIPEDA), enacted on January 1, 2001, governs how private-sector organizations in Canada handle personal information during commercial activities. It also applies to employee data in federally regulated businesses. PIPEDA is built on 10 principles: accountability, purpose identification, consent, limited collection, restricted use, disclosure and retention, accuracy, safeguards, transparency, individual access, and compliance challenges. These principles ensure that organizations manage personal data responsibly, maintaining privacy and security while fostering openness and accessibility for individuals.